The Pablo Software Solutions FTP server version 1.0 build 9 for Windows 98/NT/XP shows files and directories that reside outside the normal FTP root directory. Fix available here.
6df65debffed14ad12b5f0d01521b4a49980ff30538c271b7f1ec8895d429fa5
Vscan v1.2 is a perl script which uses nmap, snmpstatus, whois, and host commands to find information about a remote host.
f5a841b37cafc2ff6237685a106ab9f3e1fbe2b2f3f195f09fcb1cf2b4a9d834
Code Blue remote exploit for OpenBSD. Code blue is a code red scanner with several vulnerabilities.
cff16d5936946288cd9899071ceab6d62a74a4b57a019d0ed58b1845d5195c7d
Writing Linux kernel based key loggers - Includes a sample key logger which can log user input and passwords.
7f88f2d22ed4e054498403e9c2f923a531d0e030d05598992787c9f2a357b715
Writing shellcode for Linux/390 mainframes. Includes port binding shellcode example.
c882054b5eac3179b12735dc7e7d8bd4b960f0cbc421c7afa516ca6eb6614193
Phrack Magazine Issue 59 Release Candidate 1 - In this issue: Handling the Interrupt Descriptor Table, Advances in kernel hacking II, Defeating Forensic Analysis on Unix, Advances in format string exploitation, Runtime process infection, Bypassing PaX ASLR protection, Execution path analysis: finding kernel rootkits, Cuts like a knife, SSHarp, Building ptrace injecting shellcodes, Linux/390 shellcode development, Writing linux kernel keyloggers, Cryptographic random number generators, Playing with windows /dev/(k)mem, Phrack World News, Loopback, and Linenoise.
79115d1b271465569aece42fafcb7edd1c26a8972e97d2e4a8a9372119ae3983
MailMax Standard/Professional popmax v4.8.2.5 and below remote exploit. Sends a long USER string to the pop3 daemon. Tested against Windows 2000 Professional/Server and Windows XP Professional. Patch available here.
6463001871555a4dde5d4631306b9a8eea057ffea8d2462e5fd5a2f22fe762f5
MailMax Standard/Professional popmax v4.8.2.5 patch which fixes a buffer overflow in the USER string.
90cf9e79ea1e5a2cc7a7588d1ce8f11fcc5d80d7fa81284eee2789230e15d36b
MIME Defanger is a flexible MIME e-mail scanner designed to protect Windows clients from viruses and other harmful executables. It works with Sendmail 8.11 / 8.12's "milter" API and will alter or delete various parts of a MIME message according to a flexible configuration file.
0a95c7c4b33ab669e6cb682dee59695f3c5a9ba16430de53a4fadcd79aad056e
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available. Tested on Linux, AIX 4.1, HP-UX 10.20, Unixware 7.1.0, and Solaris 2.6.
ffa74ffac9f6fd324dc72211172b17144efed59f789ab45f7eecfb30df33a226
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, uptime calculation, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Screenshot available here.
b183fb546b3246e3098a4354e3b9c060c8be81a5b38d4324dac6a8d569e9437a
The Logging Project (formerly salt) is a set of tools which provide centralized, secure and fault-tolerant logging. It is flexible, robust, and easy to integrate, making it a good alternative to syslog.
02c2c1b3964187dfb6201bdd2eaf7f5bd457d9e8ada5fb6d50b2cd2a7463bfda
Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and looks for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions.
981c88bea3e70dc303ffe5868239d1ae567c6b7e4b9740e14a31c45c3062a22a
Injectso is a tool that can be used to inject shared libraries into running processes on Linux (x86/IA32 and Sparc) and Solaris (Sparc). It also provides routines that can be used by injected libraries to easily modify the behavior of the host process by intercepting library function calls. This allows you to intercept input or output, send and receive information over open sockets in that process, read and write to files opened exclusively by that process, close a file descriptor to a socket and redirect the i/o to a file for debugging, and much more. This is similar to an article in Phrack 59, but more refined. More information available here.
86ed5a565b200987649f97d7851229c076e37c2ddfedbb27bc8483bd7203e7a6
Tiny Honeypot (thp) is a simple honey pot program based on iptables redirects, an xinetd listener, and perl. It listens on every TCP port not currently in use, logging all activity and providing some feedback to the attacker. The responders, written in Perl, provide just enough interaction to fool most automated attack tools, as well as quite a few humans, at least for a little while.
8a5a69d349e54b174e39d30a39ce23e811ad62fcfc00b68e0418dbc09e533a8e
All versions of SSH and OpenSSH which use compatibility mode 1.99 are vulnerable to a mitm attack without the duplicate key warning because the attacker can force protocol version 1, so the only warning the user gets asks him if he wants to add the new key. Still suspicious, but less so.
98d4d1bb0a58e04cbf0d8839a3f693e46ecfcac7a397eef7bae93eb8985ab548
Forbidden Knowledge Issue 17 - My Anus iz Huge, Sum Stuf, and Sm Othrr Stufs.
a4cb10a843e586f64b77056b70722166bd5d12a962da18ee898cc751f21a023b
Url2ip.c 0.1p3 resolves the IPs of URLs stored in a file. Useful for synscan.
fdcf3a3aec6641775dbad19ea77843263773acfbf61730c3e35f94482e38044d
SPIKE proxy is a proxy which uses the SPIKE API to help reverse engineer new and unknown network protocols. Provides security analysis features for Web applications, a multi-threaded design, man in the middle SSL proxying, handles Connection: keep-alive properly (it is possible to log in to Hotmail with it), and rewrites User-Agent to pretend to be running IE. Requires pyOpenSSL pre 0.5 from the SPIKE Web page. Several working examples are included. Screenshot available here.
9b38f8f7bb8355547afc59ac401553989648c2392fa630a1188abaabde229a6b
Fast telnetd scanner - Scans a class c in 6 seconds.
2f6af573a7fd9dd2766bd7eaf216b2e57f790e738a8adc81019aef68d86318aa
Vortex is a pair of shortcuts which point to each other. When placed on the desktop they crash the machine repeatedly. Works best in NT/XP/2000.
1d54a914f6dd1ec7716349050ad39c2ca8fe5156c52dcbc82ae0ddc61e1f834c
Nanog traceroute format string local root exploit.
5fec0e1d8861a9656e800d1b688a2f580c667ee63c38b1e84d84cffb102fe6ab
Caldera security advisory CSSA-2002-SCO.35 - A format string vulnerability found in the crontab utility can allow local users to gain root level privileges. This issue affects Caldera OpenServer 5.0.5 and OpenServer 5.0.6.
4b6d1da615ec1c788d6aa26337d81d1fef020b841d6c3833d41e806acfb24350
PHP Security Advisory - A vulnerability has been found in the parsing mechanism of headers that are received with POST requests. This vulnerability, which affects PHP 4.2.0 and 4.2.1, can be used in denial of service (IA-32) and remote code execution attacks and has been fixed in PHP 4.2.2.
069feb6775ff333892843900329a35f88dd3947893a63c02a9e57a870ba5b00a
A buffer overflow found in VanDyke SecureCRT v3.4 & 4.0 beta allows malicious server owners to execute code on systems running this software.
cb3b1d24a9ff87e3e05d59f562932d35f8b8b325d39643420d95ce5899443046